Most likely sure its backdoor'ed, do not use:
connecting to external nginx webserver "proxy.m4sportelo.hu" connection with username "BOT" password "-Redacted-asd" if connected sending an base 16 hex string 669787761736865726500 decoding to "ixwashere", initializing an UDP and TCP connection from port range 0-65535 and replying to PING with PONG to be sure its up.
It also check before completing the connection that the hardware its running on has enough resources of what seem to be 2 core and some quantity of memory
All of that happening inside of the added "AuthBypass.class"/ "AuthenticationBp.JavaPlugin.Bypass"
All of that is way enough to tell its shady asf and most likely an back door.
You have been warned